Apache reverse proxy with basic authentication

Question

Trying to configure my reverse proxy with basic authentication before forward the traffic to my back end server. Can any one give me a solution.

Example here:

<

Answer 1

Here's the config I have used to accomplish basic authentication over https against a database. My backend server is running Tomcat and I connect to it using AJP. The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port.

NameVirtualHost *:4443

        ServerAdmin webmaster@localhost
        ServerName ws.myserver.se
        ServerAlias ws.myserveralias.se
        ErrorLog /var/log/apache2/ajpProxy.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel info

        CustomLog /var/log/apache2/ajpProxy.log combined

        DBDriver mysql
        DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"
        DBDMin  4
        DBDKeep 8
        DBDMax  20
        DBDExptime 300        

        
              # core authentication and mod_auth_basic configuration
              # for mod_authn_dbd
              AuthType Basic
              AuthName "Backend auth name"
              AuthBasicProvider dbd

             # core authorization configuration
              Require valid-user

              # mod_authn_dbd SQL query to authenticate a user
              AuthDBDUserPWQuery \
                "SELECT password FROM user WHERE emailAddress = %s"

              AddDefaultCharset Off
              Order deny,allow
              Allow from all
        

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/yourCertificateFile.crt
        SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key
        
                SSLOptions +StdEnvVars
        
        
                SSLOptions +StdEnvVars
        

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown